CVE-2013-1690
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- February 13, 2013
- Published Date
- June 26, 2013
- Last Updated
- February 07, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2022-03-28 00:00:00 UTC) Source
References
http://www.ubuntu.com/usn/USN-1890-1
http://rhn.redhat.com/errata/RHSA-2013-0982.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html
https://bugzilla.mozilla.org/show_bug.cgi?id=857883
http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
http://rhn.redhat.com/errata/RHSA-2013-0981.html
http://www.ubuntu.com/usn/USN-1891-1
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html
http://www.debian.org/security/2013/dsa-2716
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
http://www.debian.org/security/2013/dsa-2720
https://bugzilla.mozilla.org/show_bug.cgi?id=901365
http://www.securityfocus.com/bid/60778
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-28 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mozilla_firefox_onreadystatechange.rb | 2025-04-29 11:01:31 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
mozilla_firefox_onreadystatechange
Type: metasploit • Created: Unknown
Metasploit module for CVE-2013-1690